General
-
Target
2c15cd1a06ff57fa34b1f77d9e2665455b7eaf305400a87d200cdf067e6bda41
-
Size
86KB
-
Sample
210727-ze11n8a2ba
-
MD5
19c920598bc6c4939ea484862fca2364
-
SHA1
6b27fec9c9c5e147a63a66aee37f35814947feb1
-
SHA256
2c15cd1a06ff57fa34b1f77d9e2665455b7eaf305400a87d200cdf067e6bda41
-
SHA512
25eee7c2478e00a99870b7138dc8e93e8c427fc76d46d8d12ad50da4927cfea641edb5575e8d91928e5e9755666ef41d155ab42221381dcb364ff3c91ecf6a28
Static task
static1
Behavioral task
behavioral1
Sample
2c15cd1a06ff57fa34b1f77d9e2665455b7eaf305400a87d200cdf067e6bda41.rtf
Resource
win7v20210408
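The static task above runs against an RTF, and the first thing a practitioner checks in an RTF lure is what it embeds. The script below is an added example, not part of this report or of the sample's own code: it pulls every `\objdata` group out of an RTF, strips the interleaved control words that obfuscated lures use to break naive greps, hex-decodes the blob, parses the OLE1 ObjectHeader (version, FormatID, the three length-prefixed names, then NativeData for embedded objects) and flags a Packager object or an MZ/CFB payload. The sample RTF it runs on is constructed inline (a `Package` object wrapping an MZ stub) and stands in for the real 86KB file, which is not reproduced here.

```python
"""Static triage of an RTF: pull each \\objdata blob, parse its OLE1 header, classify it."""
import re
import struct

OLE1_VERSION = 0x00000501          # OLEVersion field that starts an OLE1 ObjectHeader
FORMATID_EMBEDDED = 2              # FormatID 2 = EmbeddedObject (NativeData follows the names)
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
CONTROL_WORD = re.compile(rb"\\[A-Za-z]+-?\d*\s?")
HEX_CHARS = re.compile(rb"[0-9A-Fa-f]")


def objdata_groups(rtf: bytes):
    """Yield the raw text inside every group that carries an \\objdata control word."""
    for m in re.finditer(rb"\\objdata", rtf):
        depth, i = 1, m.end()
        start = i
        while i < len(rtf) and depth:
            c = rtf[i:i + 1]
            if c == b"{":
                depth += 1
            elif c == b"}":
                depth -= 1
            elif c == b"\\":
                i += 1                          # a backslash-escaped char is never a group delimiter
            i += 1
        yield rtf[start:i - 1]


def parse_ole1(blob: bytes) -> dict:
    """Parse the OLE1 ObjectHeader: version, FormatID, ClassName/TopicName/ItemName, NativeData."""
    info = {"ole1": False, "class_name": None, "native": b""}
    try:
        version, fmt = struct.unpack_from("<II", blob, 0)
        if version != OLE1_VERSION:
            return info
        pos, names = 8, []
        for _ in range(3):                      # three length-prefixed ANSI strings
            (n,) = struct.unpack_from("<I", blob, pos)
            pos += 4
            names.append(blob[pos:pos + n].rstrip(b"\x00").decode("latin-1"))
            pos += n
        info.update(ole1=True, class_name=names[0])
        if fmt == FORMATID_EMBEDDED:
            (size,) = struct.unpack_from("<I", blob, pos)
            info["native"] = blob[pos + 4:pos + 4 + size]
    except struct.error:
        pass                                    # truncated header: report what was recovered
    return info


def classify(info: dict) -> list:
    flags = []
    if info["class_name"] == "Package":
        flags.append("OLE Packager object: can carry an arbitrary file to drop")
    if info["native"].startswith(b"MZ"):
        flags.append("PE executable in native data")
    if info["native"].startswith(CFB_MAGIC):
        flags.append("OLE compound file in native data")
    return flags


def triage_rtf(rtf: bytes) -> list:
    results = []
    for raw in objdata_groups(rtf):
        cleaned = CONTROL_WORD.sub(b"", raw)   # drop control words interleaved as obfuscation
        hexstr = b"".join(HEX_CHARS.findall(cleaned))
        blob = bytes.fromhex(hexstr[: len(hexstr) & ~1].decode("ascii"))
        info = parse_ole1(blob)
        info["size"] = len(blob)
        info["flags"] = classify(info)
        results.append(info)
    return results


def build_sample_rtf() -> bytes:
    """Constructed stand-in for the real sample: a Package object wrapping an MZ stub."""
    native = b"MZ\x90\x00" + b"\x00" * 28 + b"This program cannot be run in DOS mode.\r\n"
    cls = b"Package\x00"
    header = struct.pack("<II", OLE1_VERSION, FORMATID_EMBEDDED)
    header += struct.pack("<I", len(cls)) + cls + struct.pack("<II", 0, 0)  # empty Topic/Item names
    header += struct.pack("<I", len(native))
    hexdata = (header + native).hex().encode("ascii")
    # Break the hex with a newline and a stray \par, as real lures do to defeat naive greps.
    obf = hexdata[:20] + b"\r\n" + hexdata[20:60] + b"\\par " + hexdata[60:]
    return b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata " + obf + b"}}}"


SAMPLE_RTF = build_sample_rtf()

if __name__ == "__main__":
    for obj in triage_rtf(SAMPLE_RTF):
        print(obj["size"], obj["class_name"], obj["flags"])
```

Run it on the real .rtf by replacing `SAMPLE_RTF` with the file's bytes; an `\objdata` whose class name or native data is flagged is where the dynamic "Downloads MZ/PE file" and "Executes dropped EXE" behaviour below usually starts.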
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.sodag-agricole.com
Port: 587
Username: sodag@sodag-agricole.com
Password: agricole**sodag+1990
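The extracted config is an SMTP exfiltration channel: the stealer logs in to the attacker's mailbox with these credentials and mails the stolen data to itself. On port 587 the client normally issues STARTTLS first, so only the banner and EHLO are visible in a capture; when a build skips STARTTLS, the AUTH exchange is base64 in the clear and the credentials can be read straight out of the pcap and matched against the config. The code below is an added example, not part of this report: it parses a client/server transcript in the form a pcap follow-stream shows, decodes both AUTH LOGIN and AUTH PLAIN, and reports which config fields the session confirms. The transcript is constructed inline (hostname `DESKTOP-ABC123` and the server reply text are assumptions); the real pcap is not reproduced here.

```python
"""Match a plaintext SMTP session against the extracted AgentTesla config."""
import base64
import binascii

# Values from the Malware Config section of this report.
EXTRACTED_CONFIG = {
    "protocol": "smtp",
    "host": "mail.sodag-agricole.com",
    "port": 587,
    "username": "sodag@sodag-agricole.com",
    "password": "agricole**sodag+1990",
}


def _b64(s: str) -> str:
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


def _decode(token: str) -> str:
    return base64.b64decode(token, validate=True).decode("utf-8", "replace")


def build_sample_session(user: str, password: str, mechanism: str = "LOGIN") -> list:
    """Constructed client/server transcript (S: server, C: client); not the real capture."""
    lines = [
        "S: 220 mail.sodag-agricole.com ESMTP ready",
        "C: EHLO DESKTOP-ABC123",
        "S: 250-mail.sodag-agricole.com",
        "S: 250-STARTTLS",
        "S: 250 AUTH LOGIN PLAIN",
    ]
    if mechanism == "LOGIN":
        lines += [
            "C: AUTH LOGIN",
            "S: 334 " + _b64("Username:"),
            "C: " + _b64(user),
            "S: 334 " + _b64("Password:"),
            "C: " + _b64(password),
        ]
    else:
        lines += ["C: AUTH PLAIN " + _b64("\0" + user + "\0" + password)]
    lines += ["S: 235 2.7.0 Authentication successful", "C: MAIL FROM:<" + user + ">"]
    return lines


def _client_commands(lines: list) -> list:
    return [l[3:].strip() for l in lines if l.startswith("C: ")]


def extract_smtp_auth(lines: list):
    """Return {'mechanism','username','password'} for the first AUTH exchange, or None."""
    client = _client_commands(lines)
    try:
        for i, cmd in enumerate(client):
            words = cmd.split()
            if len(words) < 2 or words[0].upper() != "AUTH":
                continue
            mech = words[1].upper()
            if mech == "PLAIN":
                token = words[2] if len(words) > 2 else client[i + 1]
                _authzid, user, pw = _decode(token).split("\0", 2)
            elif mech == "LOGIN":
                # RFC 4954 allows the username as an initial response on the AUTH line itself.
                if len(words) > 2:
                    user, pw = _decode(words[2]), _decode(client[i + 1])
                else:
                    user, pw = _decode(client[i + 1]), _decode(client[i + 2])
            else:
                continue
            return {"mechanism": mech, "username": user, "password": pw}
    except (IndexError, ValueError, binascii.Error):
        return None                       # truncated session or non-base64 data
    return None


def starttls_before_auth(lines: list) -> bool:
    """True if the client upgraded to TLS before AUTH; the credentials are then encrypted."""
    for cmd in _client_commands(lines):
        if cmd.upper().startswith("STARTTLS"):
            return True
        if cmd.upper().startswith("AUTH"):
            return False
    return False


def match_config(lines: list, cfg: dict) -> dict:
    """Which fields of the extracted config this session confirms."""
    banner = next((l for l in lines if l.startswith("S: 220")), "")
    parts = banner.split()
    host = parts[2] if len(parts) > 2 else ""
    auth = extract_smtp_auth(lines) or {}
    return {
        "host": host.lower() == cfg["host"].lower(),
        "username": auth.get("username") == cfg["username"],
        "password": auth.get("password") == cfg["password"],
    }


if __name__ == "__main__":
    session = build_sample_session(EXTRACTED_CONFIG["username"], EXTRACTED_CONFIG["password"])
    print(extract_smtp_auth(session), match_config(session, EXTRACTED_CONFIG))
```

Even when STARTTLS hides the login, the host and port from the config are enough for a network block and for a retrospective search of proxy or DNS logs; the decoded credentials are what you hand to the mail provider for takedown.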
Targets
-
-
Target
2c15cd1a06ff57fa34b1f77d9e2665455b7eaf305400a87d200cdf067e6bda41
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic); the config extracted above shows this build exfiltrating over SMTP.
-
AgentTesla Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
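The signature names above are what a sandbox derives from the API-call trace of the sample. The code below is an added example, not the sandbox's own rule set: it re-derives four of those signatures from a trace in the shape a sandbox API monitor emits, tracking which files a process wrote or downloaded (for "Downloads MZ/PE file", "Executes dropped EXE" and "Loads dropped DLL"), the Run key write, and the process-hollowing chain that makes SetThreadContext suspicious: a child created with CREATE_SUSPENDED, memory written into it, then its thread context rewritten before it is resumed. A SetThreadContext without that history is left alone. The trace, pids, paths and URL are constructed placeholders, not values from the real sample.

```python
"""Re-derive this report's behavioural signatures from an API-call trace."""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
PE_MAGIC_HEX = "4d5a"

# Constructed trace: (pid, API, arguments) as a sandbox monitor records them.
# Pids, paths and the URL are placeholders, not values observed for the real sample.
TRACE = [
    {"pid": 1200, "api": "URLDownloadToFileW",
     "args": {"url": "http://example.invalid/update.exe", "path": r"C:\Users\Admin\AppData\Roaming\svc.exe"}},
    {"pid": 1200, "api": "WriteFile",
     "args": {"path": r"C:\Users\Admin\AppData\Roaming\svc.exe", "data_head": "4d5a90000300"}},
    {"pid": 1200, "api": "CreateProcessW",
     "args": {"image": r"C:\Users\Admin\AppData\Roaming\svc.exe", "flags": 0, "child_pid": 1500}},
    {"pid": 1500, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "svc",
              "data": r"C:\Users\Admin\AppData\Roaming\svc.exe"}},
    {"pid": 1500, "api": "CreateProcessW",
     "args": {"image": r"C:\Windows\System32\hollow-target.exe", "flags": CREATE_SUSPENDED, "child_pid": 1600}},
    {"pid": 1500, "api": "NtUnmapViewOfSection", "args": {"target_pid": 1600}},
    {"pid": 1500, "api": "WriteProcessMemory", "args": {"target_pid": 1600}},
    {"pid": 1500, "api": "SetThreadContext", "args": {"target_pid": 1600}},
    {"pid": 1500, "api": "ResumeThread", "args": {"target_pid": 1600}},
    # Same API, no hollowing history (a process touching its own thread): must not fire.
    {"pid": 1700, "api": "SetThreadContext", "args": {"target_pid": 1700}},
]


def run_signatures(trace: list) -> dict:
    """Map each signature name to the sorted pids that triggered it."""
    hits = defaultdict(set)
    downloads = {}      # lower-cased path -> pid that called a download API into it
    dropped = set()     # lower-cased paths a process wrote during the run
    suspended = {}      # (parent_pid, child_pid) -> stage reached in the hollowing chain

    for ev in trace:
        pid, api, a = ev["pid"], ev["api"], ev["args"]
        if api == "URLDownloadToFileW":
            downloads[a["path"].lower()] = pid
        elif api == "WriteFile":
            path = a["path"].lower()
            dropped.add(path)
            if path in downloads and a.get("data_head", "").lower().startswith(PE_MAGIC_HEX):
                hits["Downloads MZ/PE file"].add(pid)
        elif api == "CreateProcessW":
            if a["image"].lower() in dropped:
                hits["Executes dropped EXE"].add(pid)
            if a["flags"] & CREATE_SUSPENDED:
                suspended[(pid, a["child_pid"])] = "created"
        elif api in ("LoadLibraryW", "LdrLoadDll"):
            if a["path"].lower() in dropped:
                hits["Loads dropped DLL"].add(pid)
        elif api == "RegSetValueExW":
            if RUN_KEY in a["key"].lower():
                hits["Adds Run key to start application"].add(pid)
        elif api == "WriteProcessMemory":
            key = (pid, a["target_pid"])
            if key in suspended:
                suspended[key] = "written"
        elif api == "SetThreadContext":
            # Rewriting the entry context of a child this process created suspended and
            # already wrote into is the process-hollowing pattern behind the signature.
            if suspended.get((pid, a["target_pid"])) == "written":
                hits["Suspicious use of SetThreadContext"].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in run_signatures(TRACE).items():
        print(f"{name}: {pids}")
```

The order of checks matters: the Run key and the hollowing both come from the dropped EXE's pid, not from the Office process that opened the RTF, which is why a hunt should pivot on the child process tree rather than on the document viewer alone.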